Abstract

Continuous attacks on IoT devices are becoming increasingly likely. The small memory and limited processing power of these devices make it difficult for a security analyst to store records of the different attacks. Forensic analysis is used to evaluate the damage done to the devices by numerous attacks. In this mechanism, attacks on IoT devices are detected using a machine-to-machine (M2M) framework. In addition to the M2M framework, machine learning algorithms are used to identify various attacks automatically. A third-party logging server is used to address this issue. Performance is evaluated in terms of accuracy and precision, and Random Forest gives the highest accuracy.
1. Introduction

When connected to the internet, IoT devices may safely gather and share data (Vishwakarma and Jain). The wide range of IoT applications has driven a number of innovations, such as wearable technology, smart cities, smart metering, smart thermostats, and smart homes (Yang et al.). The Internet of Things has simplified human lives (Javaid and Khan).

Although the applications of IoT are continuously increasing, the reliability of IoT devices remains a limitation (Hossain et al.). The manufacturers of these devices are often preoccupied with adding appealing new capabilities and improving the devices' intelligence and efficiency without increasing their price, rather than with securing them (Alladi et al.). Various cyberattacks on IoT devices in recent years have been the result of insufficient safety features (Almogren). The number of IoT devices and the number of cyberattacks are both growing steadily (Sikder et al.).

Denial of service (DoS) is among the most familiar attacks on the IoT network. According to Cisco's annual internet report, DDoS cyberattacks are expected to increase between 2018 and 2023. The given diagram compares the projected number of DDoS attacks each year (Hussain et al., "IoT DoS and DDoS Attack Detection using ResNet"). In addition, it was determined that IoT DoS attacks are growing every day. The Palo Alto Networks Unit 42 research team reports that 98% of IoT device traffic is not encrypted, exposing confidential data in network traffic and opening the network and systems to attacks at multiple levels (Stergiou et al.). When these unprotected connected IoT devices are on the network, they enlarge the attack surface available to attackers. According to Kaspersky's research, 1.5 billion attacks on IoT devices were reported in the first half of 2021 (Hussain et al., "Towards a Universal Features Set for IoT Botnet Attacks Detection").
A year-by-year analysis of Intru-


Moreover, smart-home IoT devices such as smart cameras account for 25% of the malware attacks in a botnet assault (Yousefnezhad, Malhi, and Framling). The Mirai attack used default credentials to take control of hundreds of millions of IoT devices and conducted a distributed denial of service (DDoS) attack against key systems (Tawalbeh et al.). HP also reported that roughly 70% of devices are vulnerable (Mariyanayagam, Shukla, and Virdee). Therefore, these devices need to be well secured (Gupta, R. Kumar, and A. Kumar). Security flaws are a weakness that makes devices a prime target for hackers. Inadequate component testing, price competition, and a lack of strong regulation are also primary causes of IoT threats (Karabiyik and Akkaya). A framework is needed to identify attacks on the various devices and to store evidence of those threats (Mazhar et al.). The vulnerabilities of devices can be mitigated by applying forensic evaluation. Further, the attack and the perpetrator may be clearly identified.

IoT devices are constrained to processing a limited set of specified instructions (Haider et al.). Consequently, IoT devices are unable to capture, interpret, record, or analyze their network connections. Because of the architecture of IoT devices, it is harder for a security analyst to store data about the various attacks. Due to those constraints, the gathering of evidence is a significant task in forensic analysis. To make the IoT environment more secure and robust, special tools and approaches are required. For research on these devices, better-suited analytical approaches should be developed and used.


The issue described above is addressed with the help of a forensic analysis approach. We provide a framework that detects and recognizes threats and generates records and warnings for them. It is focused on security incident management (SIM): security incidents on the computer network are recognized, after which appropriate precautions are taken and the security policies that were violated are dealt with. Forensic analysis is distinct from network auditing: auditing is the pre-examination of a network's flaws, while forensic analysis is the post-examination of a security violation, establishing what happened and when it happened.


Data acquisition is one of the problems addressed by employing a third-party logging server. Traffic destined for the devices is routed to the server, where logs and alerts of malicious attacks are generated and stored for forensic analysis. To obtain information about the attacks and the perpetrators, the previously saved records are reconstructed and analyzed on a server. Machine learning is used to detect these attacks, using a dataset built from all of this data.


The generalized forensic analysis procedure consists of four steps: data collection, evaluation, processing, verification and the report [23]. In the first step, the data relating to a particular attack are gathered. Data acquisition is a major issue because IoT devices have limited computing power; as a result, evidence of attacks is not found. Our system handles this issue by introducing a log server that identifies the threats, maintains logs of malicious traffic, and generates warnings. In the next step, the gathered information is analyzed to extract what is pertinent. Traffic redirection is configured on the IoT devices using iptables. The log server writes the logs related to particular threats and feeds them into the detection engine. During traffic redirection, the relevant data is kept and other packets are dropped. The information obtained is analyzed for useful data. The Security Onion server provides information on when records were collected and regenerated. Security Onion provides the information needed to identify the kind of attack, the attackers, and the source and destination ports. Snort raises alerts for these kinds of attacks. The attacks are inspected, and the resulting data helps identify the attacker and the extent of the harm caused by the threats. In the final step, the analytical findings are obtained.


2. Literature Survey 


Various forensic tools and frameworks are designed 
for detecting the attacks in IoT devices. 


Fagbola et al. proposed a framework for smart digital forensic readiness (SIoTDFR). SIoTDFR includes six distinct stages: device connection, device identification, device monitoring, digital evidence gathering, digital evidence preservation, and secure storage. It shows the smallest PDE, and when an incident occurs it monitors the criminal activity easily.

Aslan et al. survey various malware detection techniques along with their advantages and disadvantages. Both signature-based and heuristic-based detection methods have proven effective at detecting malware, but identification that relies on known malware signatures has proven unsuccessful. Other approaches, such as behaviour-based and cloud-based methodologies, perform well against complicated malware, and some approaches detect a portion of both known and unknown malware.

Schedit et al. introduced a system for recognizing IoT devices through the use of device DNA. The DNA of an IoT device is created from the buyer's details and the unique identification number of the device, which are kept confidential. Using this DNA, the signs of attacks on these devices can be quickly recognized through their distinct fingerprints. The Hybrid Forensic IoT server was introduced to support the present IoT forensic investigation process.

Shrivastava et al. examined the threats to IoT devices and applied machine learning algorithms to improve their performance.


International Research Journal on Advanced Science Hub (IRJASH) 


2023, Vol. 05, Issue 05S May 


Several classification algorithms were used to detect malicious network traffic; among all the algorithms, SVM gives the highest accuracy. They examine some commands and identify how the attackers perform the malicious activity.

Hegarty et al. tackled the intricate nature of digital forensics in the Internet of Things and suggested a cloud computing solution for conducting digital investigations.

An overall examination of suggested remedies 
and a blueprint of the system are included in the 
effort. Nonetheless, they lack a plan for implement- 
ing their idea. 

Oriwoh et al. developed hypothetical scenarios through a comprehensive examination of individuals who employed a novel approach in committing their digital offenses. After evaluating the research findings and drawing insights from them, a framework was established that uses regions as the basis for exploring the IoT ecosystem and centers on three key elements.

Nisais Nimalasingam proposed that an effective approach to detecting IoT malware through forensic analysis is to focus on the most distinctive network traffic features and combine them with the binary characteristics of various malware families. A massive collection of network traffic data was used, featuring various network traffic characteristics. As a result of the feature extraction process for each malware type, the proposed model demonstrated a detection accuracy of nearly 96% during the experimentation stage of the research.

Ayush Kumar and Teng Joon Lim used ML classification algorithms to offer EDIMA, a modular solution for identifying network activity originating from IoT threats. Features are extracted from network traffic samples at the access gateway level and assigned a target class. Several common machine learning (ML) techniques were trained using a selection of the extracted features, and the resulting ML models were then deployed to analyse collected data, with their classification scores provided.

Meffert et al. emphasize that the challenges posed by IoT devices, such as the absence of a uniform standard, are numerous and complex. Different electronic devices use many different communication protocols, and some of these devices use Real-Time Operating Systems (RTOS), which often have very little storage space or none.


3. Methodology 


As shown in Figure 2, the proposed architecture for analysing devices under attack is composed of four components. First, attack traffic generation is responsible for generating attacks from the Kali Linux system against the devices used in the experiment. Second, the traffic-redirection logging server is responsible for routing the devices' traffic to the server; it analyses the communication, provides warnings, and records only the traffic that matches the server rules. Third, analysis with the forensic server is responsible for reconstructing the records obtained from the network. The records are rebuilt, and useful data about the attack and the attackers is extracted. Finally, the machine learning analysis is responsible for detecting threats with the help of various machine learning models.


[Figure 2 panels: Traffic Generation of Attacks (Kali Linux, IoT device: Raspberry Pi); Traffic Redirected to Server / Logs and Alert Generation (redirect IoT traffic to logging server, rules matched, alerts and logs generated); Forensic Analysis using Tools (logs for analysis); Forensic Analysis Using Machine Learning (logs for analysis, data splitting for training and testing, feature extraction and selection, attack pattern detected, reports and statistics).]

FIGURE 2. Approach for forensic analysis of network.


Different devices are used in our experiment: a Raspberry Pi, which can be equipped with a Pi camera, as the Internet of Things device; Snort as the logging server; Security Onion as the forensic server; and Kali Linux to generate the attack scenarios. These devices are all connected to a common network. The given diagram depicts the device configuration.


3.1. Assault Network Generation 


FIGURE 3. Network diagram

In this architecture, the initial step involves using Kali Linux to perform several attacks on the Raspberry Pi, which has an IP address of 192.168.56.101. IoT devices are built on a board with connectivity options; sensors, cameras, and other devices of various types are used. The Internet of Things board is built on an open-source platform. In this experiment, a Raspberry Pi is used as the IoT device. Ettercap, HPING3, NMAP, Metasploit, and Wireshark were among the Kali Linux tools we used. The following attacks were carried out against the Raspberry Pi:

1. NMAP port scanning;

2. Brute-force attack with Metasploit;

3. SYN flooding DoS using HPING3;

4. MITM ARP spoofing via Ettercap.

3.2. Diversion of communication & creation of 
intrusion records and signals 


Under this architecture, traffic from the devices is diverted to a server, where additional records are produced. To overcome the limitations of the IoT device, traffic is forwarded to a server with the IP address 192.168.56.2. Every device has an M2M connection and can communicate with the others directly. For server-side record archiving, a monitoring interface (WAZUH) was used. A third-party server is used. However, the Raspberry Pi's ARM architecture does not support it. The network traffic is then routed through iptables to a Snort gateway, which has the address 192.168.56.2. Snort is installed on the logging server. Snort rules are created for specific attacks and added to the configuration file. Snort examines the traffic arriving at the device and compares it against the Snort rules. When the server finds a match, the threat is reported through a Snort alert and records are kept on the server. Otherwise, the packets are discarded. Snort generates attack logs in pcap format. These pcap files are converted to CSV files using the open-source CICFlowMeter program. The machine learning models work on a CSV file of records because ML cannot be applied to pcap files.


3.3. Analytical Approaches Using Security Onion 


Logs are saved for analysis after Snort detects an attack. These network logs include details on the kind of threat, the source and destination addresses, and additional information. Security Onion has two network cards and an IP address of 192.168.56.4. The first card is used for management, and the second sniffs network packets to find illegal activity on the network. The records on the logging server solve the problem of evidence acquisition. Security Onion includes a number of built-in tools for analysing logs, including Sguil and Squert. Sguil is the graphical user interface for Snort, a command-line tool. Once the logs have been captured, they are periodically recreated to gather details about attacks and attackers.
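The kind of triage described above, as an added example (not code from the paper): a parser for Snort's one-line "fast" alert format that groups alerts by source address and reports the alert types, targets and destination ports seen. The alert lines, SIDs, messages and the source address 192.168.56.3 are constructed for illustration; only 192.168.56.101 (the Raspberry Pi) comes from the page, and the parser assumes IPv4 addresses.

```python
import re
from collections import Counter, defaultdict

# Snort "fast" alert: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>[^:\s]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[^:\s]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (not from the paper). 192.168.56.101 is the Raspberry Pi
# address given on the page; 192.168.56.3, the SIDs and the messages are placeholders.
SAMPLE_ALERTS = """\
05/12-10:15:01.120001  [**] [1:1000001:1] LOCAL TCP SYN port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.3:40112 -> 192.168.56.101:22
05/12-10:15:01.120950  [**] [1:1000001:1] LOCAL TCP SYN port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.3:40112 -> 192.168.56.101:80
05/12-10:15:01.121700  [**] [1:1000001:1] LOCAL TCP SYN port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.3:40112 -> 192.168.56.101:443
05/12-10:21:44.000310  [**] [1:1000002:1] LOCAL SSH brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.56.3:51522 -> 192.168.56.101:22
05/12-10:30:09.554001  [**] [1:1000003:1] LOCAL SYN flood [**] [Priority: 2] {TCP} 192.168.56.3:1234 -> 192.168.56.101:80
05/12-10:31:00.000000  [**] [1:1000004:1] LOCAL ICMP ping [**] {ICMP} 192.168.56.3 -> 192.168.56.101
this line is truncated [**] [1:10000
""".splitlines()


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not a fast alert."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev"):
        rec[key] = int(rec[key])
    for key in ("sport", "dport"):          # ICMP alerts carry no ports
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def summarize(lines):
    """Group alerts by source address; also count lines that failed to parse."""
    per_src = defaultdict(lambda: {"alerts": Counter(), "targets": set(),
                                   "dports": set(), "first": None, "last": None})
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_alert(line)
        if rec is None:
            unparsed += 1                   # keep damaged evidence visible, never drop it silently
            continue
        s = per_src[rec["src"]]
        s["alerts"][rec["msg"]] += 1
        s["targets"].add(rec["dst"])
        if rec["dport"] is not None:
            s["dports"].add(rec["dport"])
        # Fast alerts carry no year; zero-padded MM/DD-HH:MM:SS compares correctly
        # as a string only within one calendar year.
        s["first"] = rec["ts"] if s["first"] is None else min(s["first"], rec["ts"])
        s["last"] = rec["ts"] if s["last"] is None else max(s["last"], rec["ts"])
    return dict(per_src), unparsed
```

Calling `summarize(SAMPLE_ALERTS)` returns the per-source summary together with the number of lines that could not be parsed, which should be reported alongside the findings.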


3.4. Machine learning for forensic analysis 


Machine learning algorithms are used to detect attacks on IoT devices. Automatic detection is not possible with Snort, where the IDS must be applied to the various threats each time. ML is applied through an automated attack prediction system, using various types of classifiers on the labelled, CSV-formatted logs. This data was split into training and testing sets after pre-processing. After extracting the features, we developed ML models and evaluated them using real-time traffic and the testing dataset.


3.4.1. Data Labelling and Flow Aggregation 


Because PCAP files cannot be used by machine learning models, CICFlowMeter is used to transform them into CSV format. Statistical features describing traffic behaviour are extracted. These attributes are then fed to the machine learning model, which detects threats to devices. The data is labelled to distinguish normal from anomalous behaviour, as shown in Table 3.
TABLE 1. Analysis and Configuring possibilities

Category   Type          Symbol
Normal     Normal        0
Anomaly    DoS           1
           Brute force   2
           Attack        3
           Shell Code    4
           Backdoors


3.4.2. Data Pre-processing 


To guarantee data reliability, integrity, and stability, we eliminate irrelevant fields and any attributes that encode qualitative features and cannot aid classification, and we scale numeric attributes to between 0 and 1. To prevent degraded model performance and source bias, previously labelled fields such as the threat category and the IP and port addresses must be removed. Various strategies are applied to eliminate anomalies and incomplete data.


3.4.3. Dividing the Dataset for Training & Testing 


Furthermore, the dataset is divided into two subsets: training and testing. The model is developed with the training data and then tested. Thirty percent of the dataset is used for testing, and 70% for training.


3.4.4. Identification and Analysis of Attributes 


A machine learning algorithm's recognition effectiveness is reduced by correlated attributes. To select attributes, backward elimination, k-best, and feature importance were considered. We chose k-best for feature selection. As shown in Table 4, K = 10 yields the most accurate results.


TABLE 2. Test config settings

K     Selected Features
10    Flow_Byts/s, Pkt_Len_Var, Flow_Pkts/s, Fwd_Pkts/s, Bwd_Pkts/s,
      Bwd_IAT_Max, Src Port, Bwd_IAT_Mean, Bwd_IAT_Tot, Flow_Duration
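The steps of Sections 3.4.2 to 3.4.4 as an added example (not the paper's code): drop address and port fields, split 70/30 per class, fit the 0-1 scaling on the training subset only, and rank features to keep the best k. The one-way ANOVA F score, the per-class split, the `Noise` column, the synthetic flows and k = 3 are assumptions of this example; the paper names only "k-best" with K = 10.

```python
import random
from collections import defaultdict

LABEL = "Label"
DROP = {"Src IP", "Dst IP", "Src Port", "Dst Port"}  # identifying fields, removed per Section 3.4.2

def make_flows(seed=7, per_class=20):
    """Constructed flows with CICFlowMeter-style column names; every value is synthetic."""
    rng = random.Random(seed)
    # label -> (packets/s, duration, packet-length variance); 0 normal, 1 DoS, 2 brute force
    centers = {0: (10, 2e6, 400), 1: (5000, 1e4, 1), 2: (50, 5e5, 30)}
    rows = []
    for label, (pps, dur, var) in centers.items():
        for _ in range(per_class):
            rows.append({
                "Src IP": "192.168.56.%d" % rng.randint(2, 250), "Dst IP": "192.168.56.101",
                "Src Port": rng.randint(1024, 65535), "Dst Port": 22,
                "Flow_Pkts/s": pps * rng.uniform(0.8, 1.2),
                "Flow_Duration": dur * rng.uniform(0.8, 1.2),
                "Pkt_Len_Var": var * rng.uniform(0.8, 1.2),
                "Noise": rng.random(),  # deliberately unrelated to the label
                LABEL: label,
            })
    return rows

def stratified_split(rows, test_frac=0.30, seed=7):
    """70/30 split taken per class, so every class appears in both subsets."""
    rng = random.Random(seed)
    by_label = defaultdict(list)
    for r in rows:
        by_label[r[LABEL]].append(r)
    train, test = [], []
    for label in sorted(by_label):
        group = by_label[label][:]
        rng.shuffle(group)
        n_test = round(len(group) * test_frac)
        test += group[:n_test]
        train += group[n_test:]
    return train, test

def fit_minmax(train, features):
    """Learn min/max on the training subset only, so test data cannot leak into the scaling."""
    return {f: (min(r[f] for r in train), max(r[f] for r in train)) for f in features}

def scale(rows, bounds):
    """Map each kept feature to [0, 1]; unseen test values outside the range are clipped."""
    out = []
    for r in rows:
        s = {LABEL: r[LABEL]}
        for f, (lo, hi) in bounds.items():
            s[f] = 0.0 if hi == lo else min(1.0, max(0.0, (r[f] - lo) / (hi - lo)))
        out.append(s)
    return out

def anova_f(rows, feature):
    """One-way ANOVA F statistic of one feature against the class label."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[LABEL]].append(r[feature])
    n, c = len(rows), len(groups)
    if c < 2 or n <= c:
        return 0.0
    grand = sum(sum(g) for g in groups.values()) / n
    means = {lab: sum(g) / len(g) for lab, g in groups.items()}
    between = sum(len(g) * (means[lab] - grand) ** 2 for lab, g in groups.items())
    within = sum((v - means[lab]) ** 2 for lab, g in groups.items() for v in g)
    if within == 0:
        return float("inf") if between > 0 else 0.0
    return (between / (c - 1)) / (within / (n - c))

def select_k_best(train_scaled, features, k):
    """Rank features by F score on the training subset and keep the top k."""
    return sorted(features, key=lambda f: anova_f(train_scaled, f), reverse=True)[:k]

def run(k=3):
    rows = make_flows()
    features = [f for f in rows[0] if f not in DROP and f != LABEL]
    train, test = stratified_split(rows)
    bounds = fit_minmax(train, features)
    train_s, test_s = scale(train, bounds), scale(test, bounds)
    return select_k_best(train_s, features, k), train_s, test_s
```

Table 2 lists Src Port among the selected features although Section 3.4.2 says port fields are removed; the example follows Section 3.4.2.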


3.4.5. Model development and evaluation 


After the feature extractor extracts the features from the inputs, the inputs and labels are supplied to the machine learning algorithms during the learning phase. The optimal model is built using a combination of machine learning methods. Each model behaves differently because of the different domains on which its input is trained. During the testing step, input is passed to the feature extractor to obtain the features, which are then fed to the trained classifier models to predict the labels. We labelled our data as before. As a result, the threat is inferred and predicted by the model. Figure 4 depicts a typical representation of the training and testing stages. Certain assessment criteria were used to determine the effectiveness of predictions, including the F1 score, recall, accuracy, and precision derived from the confusion matrix. The trained models are evaluated using the testing dataset. Accuracy and other metrics won't reflect the actual error when only the training dataset is used. Additionally, during training, cross-validation is used to fine-tune the models and improve the performance measures. Our models were assessed on the basis of their accuracy, precision, F1 score, and recall.

FIGURE 4. Training and testing of ML models


3.5. Analysis and Report 


The proposed research design is intended for Machine-To-Machine (M2M) communication using IoT devices. IoT devices and other devices are given unique IP addresses. The collection of machines forms a private network. The goal of creating this environment is to thoroughly investigate device communication over M2M connectivity. Several attacks on IoT devices were carried out in this environment. All network traffic through the IoT systems is redirected to the Snort monitoring server. The Security Onion analysis system retrieves the records from the server, where the network packets are reconstructed and examined. To automate the proposed model, ML models are applied to the dataset. Cyberattack detection appears to be more accurate when forensic tool analysis and machine learning are combined.


4. Existing state-of-the-art methods for forensic 
analysis of IoT devices include: 


Digital Forensic Investigation of Internet of Things 
Devices: This method involves analyzing the digi- 
tal artifacts on IoT devices to identify evidence of 
cybercrime incidents. The method uses traditional 
forensic techniques, such as data carving and analy- 
sis of file system metadata. 

Network Forensics Analysis for Internet of 
Things: This method involves analyzing the net- 
work traffic between IoT devices and other devices 
or services to identify evidence of cybercrime inci- 
dents. The method uses network traffic analysis 
tools to capture and analyze the traffic. 

Accuracy: 

Accuracy is a statistical metric that is commonly 
used to evaluate the performance of a model, clas- 
sifier, or algorithm. It is defined as the ratio of the 
correctly predicted instances to the total number of 
instances in each dataset. 


$$\text{Accuracy} = \frac{TP + TN}{TP + FP + TN + FN} \tag{1}$$


TP-True Positive, TN-True Negative, FP-False Pos- 
itive, FN-False Negative. 

Equation (1) represents the proportion of correct 
predictions among all predictions made. 

Recall : 

Recall is a statistical metric used to evaluate the 
performance of a classification model or algorithm 
in correctly identifying the positive instances. It is 
also known as sensitivity or true positive rate (TPR). 
The formula to calculate Recall is: 


$$\text{Recall} = \frac{TP}{TP + FN} \tag{2}$$


Equation (2) represents the proportion of true posi- 
tives among all actual positive cases. 

Precision : 

Precision is a commonly used performance metric in machine learning and information retrieval that measures the proportion of true positives among the instances predicted as positive. It is calculated using the following formula:


$$\text{Precision} = \frac{\text{True positives}}{\text{True positives} + \text{False positives}} \tag{3}$$


Equation (3) represents the proportion of true posi- 
tives among all positive predictions made. 

F-Score : 

The F-score (also called F1-score) is a statistical measure that combines precision and recall into a single value. It is used to evaluate the performance of a classifier or model in binary classification problems.

The formula to calculate the F-score is: 


$$\text{F1-score} = \frac{2 \times (\text{precision} \times \text{recall})}{\text{precision} + \text{recall}} \tag{4}$$

Equation (4) represents the harmonic mean of precision and recall, which gives a balanced score that takes both precision and recall into account.
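Equations (1) to (4) are stated for a binary TP/TN/FP/FN count, while the labels in Table 1 are multi-class. The following added example (not from the paper) applies them per class by treating each class in turn as positive and every other class as negative; the label vectors are constructed and use only the first three symbols of Table 1.

```python
CLASSES = {0: "Normal", 1: "DoS", 2: "Brute force"}  # symbols as in Table 1

def confusion_matrix(y_true, y_pred, labels):
    """Rows are true labels, columns are predicted labels."""
    idx = {lab: i for i, lab in enumerate(labels)}
    m = [[0] * len(labels) for _ in labels]
    for t, p in zip(y_true, y_pred):
        m[idx[t]][idx[p]] += 1
    return m

def one_vs_rest(m, i):
    """TP, FP, FN, TN for class i, counting every other class as negative."""
    tp = m[i][i]
    fp = sum(row[i] for row in m) - tp
    fn = sum(m[i]) - tp
    tn = sum(map(sum, m)) - tp - fp - fn
    return tp, fp, fn, tn

def ratio(num, den):
    return num / den if den else 0.0  # a class never predicted or never present scores 0

def report(y_true, y_pred, labels):
    m = confusion_matrix(y_true, y_pred, labels)
    per_class = {}
    for i, lab in enumerate(labels):
        tp, fp, fn, tn = one_vs_rest(m, i)
        precision = ratio(tp, tp + fp)                           # Equation (3)
        recall = ratio(tp, tp + fn)                              # Equation (2)
        f1 = ratio(2 * precision * recall, precision + recall)   # Equation (4)
        per_class[lab] = {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
                          "precision": precision, "recall": recall, "f1": f1}
    correct = sum(m[i][i] for i in range(len(labels)))
    accuracy = ratio(correct, sum(map(sum, m)))  # Equation (1) over all classes: correct / total
    macro_f1 = sum(c["f1"] for c in per_class.values()) / len(labels)
    return m, per_class, accuracy, macro_f1

# Constructed, imbalanced test set: 90 normal flows, 6 DoS, 4 brute force.
Y_TRUE = [0] * 90 + [1] * 6 + [2] * 4
# Constructed predictions: one DoS flow and three brute-force flows are missed as "Normal".
Y_PRED = [0] * 90 + [1] * 5 + [0] + [2] * 1 + [0] * 3

def demo():
    return report(Y_TRUE, Y_PRED, sorted(CLASSES))
```

On this constructed data the overall accuracy is 0.96 while recall for the brute-force class is 0.25, so per-class figures should be read alongside accuracy when attack classes are rare.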


FIGURE 5. Random Forest Confusion Matrix (axes: true label, predicted label)


Random Forest Confusion Matrix : It shows 
the performance of a Random Forest classification 
model on a set of test data. It summarizes the num- 
ber of correct and incorrect predictions made by the 
model for each class, organized by true and pre- 
dicted labels. 

Decision tree confusion matrix:

It summarizes the performance of a Decision Tree classification model on a set of test data. It shows the number of correct and incorrect predictions made by the model for each class, organized by true and predicted labels.

FIGURE 6. Decision tree confusion matrix

FIGURE 7. Extra trees confusion matrix

Extra trees confusion matrix : 

It summarizes the performance of an Extra Trees 
classification model on a set of test data. It shows the 
number of correct and incorrect predictions made by 
the model for each class, organized by true and pre- 
dicted labels. 

MLP Confusion Matrix : 

It summarizes the performance of an MLP clas- 
sification model on a set of test data. It shows the 
number of correct and incorrect predictions made by 
the model for each class, organized by true and pre- 
dicted labels. 

FIGURE 8. MLP Confusion Matrix

Gradient Boosting Classifier :

It is used for classification tasks. It is an ensemble learning method that combines multiple weak prediction models to create a strong classifier. The algorithm builds the model in a step-by-step manner by minimizing the error in each iteration.

FIGURE 9. Gradient Boosting Classifier

Various machine learning models are applied to the dataset obtained from records gathered by the logging server. We employed strategies like feature importance, k-best, and backward elimination to identify and choose features. We used the k-best feature selection approach to choose the most suitable features in the dataset while running several tests. The data is split 70% for training and 30% for testing. We assessed the performance of the models on several measures, including accuracy, recall, precision, and F1-score. Table 3 compares the efficiency of ML algorithms. Among all the algorithms, Random Forest gives the highest accuracy.


[Figure 10 columns: Accuracy, Recall, Precision, F1-Score, time to train, time to predict, total time. Rows: Logistic, KNN, Decision Tree, Extra Trees, Random Forest, Gradient Boosting Classifier, MLP, MLP (Keras), GRU (Keras), LSTM (Keras). The only value that survives extraction is 95.85% in the Gradient Boosting Classifier row.]

FIGURE 10. Compares the efficiency of ML algorithms


5. Future scope: 


As the Internet of Things (IoT) continues to grow and become more prevalent in our daily lives, the need for forensic analysis on IoT devices using machine-to-machine (M2M) frameworks is becoming increasingly important. Potential future developments and applications in this field include increased complexity of IoT devices, improved security, increased demand for forensic analysis, and cross-disciplinary collaboration.


6. Conclusion: 


The proposed system is aimed at detecting attacks 
on IoT devices through the implementation of 
machine learning techniques like Random Forest, 
Decision Tree, Extra Trees, Gradient Boosting Clas- 
sifier, MLP. A confusion matrix is a useful tool 
for evaluating the performance of different classi- 
fiers used on a test dataset where the true values are 
already known. It presents the number of true posi- 
tives (TP), true negatives (TN), false positives (FP), 
and false negatives (FN) for each classifier. The true 
positives are the number of correctly classified pos- 
itive instances, while true negatives are the number 
of correctly classified negative instances. False pos- 
itives are the number of negative instances that are 
mistakenly classified as positive, and false negatives 
are the number of positive instances that are mis- 
takenly classified as negative. A confusion matrix 
allows us to compare the classification results of dif- 
ferent models and assess their overall accuracy. 